ddroid

Everything posted by ddroid

  1. I reinstalled MSE and ran another full scan in safe mode overnight. When I woke up, there was a BSOD with the message KERNEL_STACK_INPAGE_ERROR and a stop message of STOP: 0x00000077 (0xC000009C, 0xC000009C, 0x00000000, 0x0025D000).
  2. I unplugged the comp from the internet, disabled Ad-Aware and MSE, and ran combofix. A box popped up saying that MSE might interfere with it, so I just uninstalled MSE. Here's the log file from combofix:
     ComboFix 10-06-21.01 - JOHN 06/21/2010 18:27:21.2.2 - x86
     Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.364 [GMT -4:00]
     Running from: F:\ComboFix.exe
     FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
     .
     ((((((((((((((((((((((((( Files Created from 2010-05-21 to 2010-06-21 )))))))))))))))))))))))))))))))
     .
     2010-06-21 21:57 . 2010-06-21 22:16 -------- d-----w- c:\documents and settings\JOHN\Local Settings\Application Data\ApplicationHistory
     2010-06-20 21:08 . 2010-06-20 21:08 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
     2010-06-20 15:26 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-06-20 15:26 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-06-19 14:49 . 2010-06-19 14:49 -------- d-----w- c:\windows\system32\URTTEMP
     2010-06-19 07:07 . 2010-06-19 07:07 -------- d-----w- c:\windows\system32\wbem\Repository
     2010-06-19 05:47 . 2010-06-19 05:47 -------- d-----w- C:\found.003
     2010-06-18 23:22 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
     2010-06-18 22:31 . 2010-06-18 22:33 -------- d-----w- c:\program files\CCleaner
     2010-06-15 21:05 . 2010-06-17 22:47 -------- d-----w- c:\program files\Defraggler
     2010-06-15 20:44 . 2010-06-15 20:44 -------- d-----w- c:\documents and settings\JOHN\Local Settings\Application Data\PCHealth
     2010-06-14 03:30 . 2010-06-14 03:30 54904 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2010-06-14 03:26 . 2010-06-14 03:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
     2010-06-13 23:23 . 2010-06-13 17:14 15880 ----a-w- c:\windows\system32\lsdelete.exe
     2010-06-13 17:14 . 2010-06-13 17:14 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
     2010-06-13 17:10 . 2010-06-13 17:14 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
     2010-06-13 16:36 . 2010-06-13 17:09 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
     2010-06-13 03:37 . 2010-06-13 03:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
     2010-06-13 03:37 . 2010-06-20 15:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-06-13 03:37 . 2010-06-13 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2010-06-13 03:37 . 2010-06-13 03:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
     2010-06-13 03:10 . 2010-06-13 03:10 -------- d-----w- c:\documents and settings\Jack\Local Settings\Application Data\PCHealth
     2010-06-13 03:05 . 2004-08-04 02:58 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
     2010-06-13 03:05 . 2004-08-04 02:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
     2010-06-08 10:50 . 2010-06-08 10:50 -------- d-----w- C:\225cb9055520c5458e4086
     2010-06-06 15:43 . 2010-06-06 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
     2010-06-06 15:43 . 2010-06-06 15:43 -------- d-----w- c:\program files\NOS
     2010-05-28 00:14 . 2010-05-28 00:14 -------- d-----w- C:\Nexon
     2010-05-28 00:14 . 2010-05-28 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonUS
     2010-05-27 11:02 . 2010-05-28 01:07 -------- d-----w- c:\documents and settings\Jack\Local Settings\Application Data\PMB Files
     2010-05-27 11:02 . 2010-05-27 11:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
     2010-05-27 11:01 . 2010-05-27 11:01 -------- d-----w- c:\program files\Pando Networks
     2010-05-23 14:58 . 2010-05-23 14:58 -------- d-----w- c:\documents and settings\Jack\Application Data\Office Genuine Advantage
     2010-05-23 00:03 . 2010-06-09 10:52 -------- d-----w- c:\program files\Guild Wars
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-06-21 20:11 . 2008-11-30 00:49 -------- d-----w- c:\program files\Common Files\Symantec Shared
     2010-06-20 23:06 . 2007-02-09 21:35 -------- d-----w- c:\program files\ESET
     2010-06-18 23:49 . 2008-05-14 12:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
     2010-06-14 03:20 . 2007-07-13 20:41 -------- d-----w- c:\program files\Steam
     2010-06-13 17:09 . 2009-04-05 22:09 -------- d-----w- c:\program files\Lavasoft
     2010-06-13 17:08 . 2009-04-05 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
     2010-06-05 22:03 . 2010-02-25 17:29 -------- d-----w- c:\program files\Microsoft Silverlight
     2010-05-28 00:14 . 2010-05-28 00:14 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
     2010-05-28 00:14 . 2010-05-28 00:14 126976 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
     2010-05-28 00:14 . 2010-05-28 00:14 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
     2010-05-28 00:14 . 2010-05-28 00:14 401408 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
     2010-05-28 00:14 . 2010-05-28 00:14 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
     2010-05-28 00:14 . 2010-05-28 00:14 172032 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
     2010-05-21 18:14 . 2009-11-18 02:54 221568 ------w- c:\windows\system32\MpSigStub.exe
     2010-05-20 00:36 . 2010-05-20 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
     2010-05-18 22:51 . 2007-02-11 03:16 -------- d-----w- c:\program files\Google
     2010-05-06 10:41 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
     2010-05-06 01:45 . 2010-05-05 23:50 -------- d-----w- c:\documents and settings\Jack\Application Data\TS3Client
     2010-05-02 05:56 . 2006-02-28 12:00 1850880 ----a-w- c:\windows\system32\win32k.sys
     2010-04-20 05:51 . 2006-02-28 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-02-28 160592]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
     "DLPSP"="c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2009-07-08 406840]
     "DLUPDR"="c:\program files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE" [2009-07-08 243008]
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-02-28 160592]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
     "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     VPN Client.lnk - c:\windows\Installer\{176130BC-99A1-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico [2008-10-9 6144]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
     @="Service"
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
     backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
     backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
     2005-09-09 06:18 57344 -c--a-w- c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
     2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
     2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
     2006-10-22 17:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
     2006-10-22 17:22 86016 ----a-w- c:\windows\system32\nvmctray.dll
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
     2006-10-22 17:22 1622016 ----a-w- c:\windows\system32\nwiz.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
     2006-07-13 13:12 729088 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
     2006-07-20 21:04 847872 ----a-r- c:\program files\Analog Devices\Core\smax4pnp.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
     2007-06-22 03:20 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wextract_cleanup0]
     2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "AntiVirusOverride"=dword:00000001
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Steam\\Steam.exe"=
     "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
     "c:\\Program Files\\AIM6\\aim6.exe"=
     "c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
     "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\Laplink\\PCmover\\PCmover.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
     "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
     "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
     "58982:TCP"= 58982:TCP:Pando Media Booster
     "58982:UDP"= 58982:UDP:Pando Media Booster
     R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/13/2010 1:10 PM 64288]
     R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [4/11/2007 1:46 PM 91136]
     R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [3/22/2008 2:55 PM 140184]
     R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/25/2008 1:33 PM 24652]
     R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [4/11/2007 1:44 PM 23180]
     S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/21/2009 7:50 PM 135664]
     S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352832]
     S2 Remote;Remote;c:\program files\Remote\Remote.exe --> c:\program files\Remote\Remote.exe [?]
     S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [3/10/2006 3:55 PM 39424]
     S3 jatmlano;jatmlano;\??\c:\docume~1\Jack\LOCALS~1\Temp\jatmlano.sys --> c:\docume~1\Jack\LOCALS~1\Temp\jatmlano.sys [?]
     S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [11/10/2009 12:13 PM 4736]
     S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [3/5/2008 9:17 PM 513152]
     S3 MusCVideo32;MusCVideo32;c:\windows\system32\drivers\MusCVideo32.sys [3/5/2008 9:17 PM 3768]
     S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [11/10/2009 12:13 PM 8960]
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     getPlusHelper REG_MULTI_SZ getPlusHelper
     .
     Contents of the 'Scheduled Tasks' folder
     2010-06-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
     - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 08:18]
     2010-03-30 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
     2010-06-21 c:\windows\Tasks\Google Software Updater.job
     - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-11 21:10]
     2010-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-21 23:49]
     2010-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-21 23:49]
     2010-06-21 c:\windows\Tasks\OGALogon.job
     - c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
     2010-06-21 c:\windows\Tasks\User_Feed_Synchronization-{0E186B57-1837-46F0-AFCE-B7E1B1FD45F0}.job
     - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
     2010-06-21 c:\windows\Tasks\User_Feed_Synchronization-{AD4B59E8-ED27-450C-BBA8-27B7F6734822}.job
     - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
     .
     .
     ------- Supplementary Scan -------
     .
     uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
     uStart Page = hxxp://www.google.com/ig
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} - hxxp://static3.meetupstatic.com/applet/MeetUploader5.cab
     .
     .
     ------- File Associations -------
     .
     txtfile=%windir%\NOTEPAD.EXE %1
     .
     **************************************************************************
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2010-06-21 18:38
     Windows 5.1.2600 Service Pack 2 NTFS
     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
     "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
     00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     - - - - - - - > 'explorer.exe'(2240)
     c:\windows\system32\WININET.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\webcheck.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     Completion time: 2010-06-21 18:45:49
     ComboFix-quarantined-files.txt 2010-06-21 22:45
     ComboFix2.txt 2010-06-19 14:19
     Pre-Run: 79,679,188,992 bytes free
     Post-Run: 79,674,454,016 bytes free
     - - End Of File - - 1367B413F153108013054E633EEC6AA8
  3. I have already installed and run MBAM on the computer. As I said above, it finds no infected files, but it gives me an "Access is denied" screen at the end of the scan when it tries to open the log files.
  4. I uninstalled NOD32, reinstalled MSE, and I am still getting a BSOD when I run an MSE scan in safe mode. The stop info is: STOP: 0x00000024 (0x001902FE, 0xF78C2B74, 0xF78C2870, 0xF73056D4) Ntfs.sys - Address F73056D4 base at F72F4000, DateStamp 45cc56a7
  5. I am trying to fix my computer that was laden with viruses. I installed MBAM and ran a scan, and it found and removed a bunch of infected files, but when the scan finished, a pop-up appeared that said access to the log file was denied. I found this strange considering that I was running in safe mode as an administrator, but I ignored it. I then installed Microsoft Security Essentials and ran a scan in safe mode overnight, but when I woke up there was a BSOD. Again, I ignored it and tried to use the computer, but it runs at a snail's pace because MsMpEng.exe is taking up almost all the CPU. I know that MsMpEng.exe is the service for Microsoft Security Essentials, but on my other computers it doesn't use up anywhere near as much CPU. I think there may be some virus or malware left lurking in the computer. Below is my HJT log file. Does anybody know what might be causing this??
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 5:17:50 PM, on 6/20/2010
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Safe mode with network support
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
     F:\HiJackThis.exe
     C:\WINDOWS\system32\ctfmon.exe
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     R3 - Default URLSearchHook is missing
     O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
     O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
     O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
     O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [DLPSP] "C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
     O4 - HKLM\..\Run: [DLUPDR] "C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE"
     O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
     O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
     O4 - Global Startup: VPN Client.lnk = ?
     O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
     O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
     O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
     O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
     O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
     O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
     O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} (Auctiva Image Uploader Control) - http://merchant.auctivacommerce.com/js/ImageUploader57.cab
     O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
     O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
     O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
     O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
     O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
     O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
     O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.37.11/ttinst.cab
     O16 - DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} (MeetUploader Control) - http://static3.meetupstatic.com/applet/MeetUploader5.cab
     O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...upv2.0.0.11.cab?
     O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
     O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
     O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
     O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
     O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
     O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
     O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
     O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
     O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
     O23 - Service: Remote - Unknown owner - C:\Program Files\Remote\Remote.exe (file missing)
     O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
     O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
     -- End of file - 9820 bytes